Authentication System

ABSTRACT

A two way authentication method, including receiving by an authentication server first encrypted data from a merchant computing device, receiving by the authentication server second encrypted data from a customer computing device, determining by the authentication server if the first encrypted data matches the second encrypted data, if the first encrypted data matches the second encrypted data, authenticating the customer computing device, and if the first encrypted data does not match the second encrypted data, not authenticating the customer computing device.

FIELD OF THE INVENTION

Embodiments generally relate to a system, and a method using that system, to authenticate a person.

BACKGROUND OF THE INVENTION

Existing methods for authenticating a user to a physical place or to digital content, such as an online account, a banking account at an ATM station, an online payment for products or services, or an offline payment for products or services, involve the user holding credentials known to two parties: a provider and the user. A widely used method is authentication with a user name and password known to an authentication system, such as a server, and to the user. Other methods involve the user carrying a physical card, such as an ID card or credit card, with information encoded on a magnetic strip or smart chip placed on the card.

Other methods used as added security on top of a user name and password are programmable digital devices such as fobs. Other methods that are gaining popularity use mobile gadgets such as a phone, tablet, or other electronic device with an embedded operating system as a means of authentication. Existing methods that utilize mobile gadgets use a mobile device to display static textual or encoded content, such as a barcode image, to be scanned by another party with a scanning device in order to perform authentication.

Response to Notice of Incomplete Reply (to Notice to File Missing Parts) dated Jul. 16, 2013

Other applications that rely on mobile devices to perform authentication use Near Field Communication (NFC) technologies. Such applications are known to exist in one or more forms of digital wallet mobile applications; an example of such an application is the Google Wallet application. Other mobile applications rely on GPS technology to authenticate a user for one or more forms of earning and accessing loyalty rewards at merchants. Such methods are known as check-ins. The existing authentication techniques mentioned above have been relatively easy to circumvent.

Certain prior art authentication methods involve a user having credentials known to two parties, a provider and the user. Known methods that are widely used rely on a user name and password to authenticate a user to a system such as a server.

When existing credentials are known to multiple parties, they are static and can be vulnerable to skilled thieves who can gain unauthorized access to physical places, data, or content. Static digital content used for user authentication is known to be vulnerable to skilled hackers.

Certain prior art authentication methods involve a user carrying a physical card, such as an identification card or credit card, with information encoded on a magnetic strip or smart chip placed on the card.

Encoding credentials on physical objects such as credit cards or identification cards for the purpose of authentication is known to be an insecure way of authenticating. In many instances, a user is asked to carry multiple forms of identification cards. Authentication requires another person equipped with a credit card or identification card reader to read and verify the credentials. It is always assumed that the carrier of a credit card or identification card is its authorized owner. A stolen or lost credit card or identification card carries a high risk of unauthorized access by an unauthorized person. In some cases, a known PIN or password must be remembered as an additional security measure. This method of authentication is known to have a high security risk. In addition, data encoded on a physical card is static and requires safeguarding by the providing party.

Certain prior art authentication methods involve a programmed digital device such as a fob. Fobs require one-time programming. A fob device is a measure for added security only; on its own, a fob device is not a stand-alone solution for authentication. Fob devices carry no communication, and if lost, a fob requires physical replacement.

Certain prior art authentication methods involve using mobile gadgets such as a smart phone, tablet, or other electronic device with an embedded operating system. Existing methods that utilize mobile gadgets use a mobile device to display static textual or encoded content such as barcode images. The barcode images are scanned by a second party with a scanning device in order to perform authentication.

Existing technologies that utilize mobile gadgets such as smart phones rely on assigning an ID to a mobile user and encoding that ID in the form of a barcode, QR Code, or other image using a mobile application. This method relies on a second party with a scanning device to scan the barcode image displayed on the user's mobile device.

The scanning device is used to decode the data and initiate a request in order to authorize the user for the purpose of a transaction. This method relies on a static authentication ID assigned to the user. The authentication process is initiated by one scanning device, typically in a physical place like a store. It is vulnerable to fraud because static authentication data can be copied or shared among multiple users with mobile devices. A skilled hacker who gains access to the scanning device can, as a result, collect authentication data belonging to a plurality of users. The scanning device requires a dedicated secure line of communication. All authentication requests are initiated by the scanning device on the same line of communication. A skilled hacker who intercepts the single line dedicated to authentication requests can, as a result, gain access to authentication data belonging to a plurality of users.

A static barcode, QR Code, or other form of image that is displayed by a mobile application and assigned to a user for the purpose of authentication can be compromised by a dishonest user taking a screenshot of the displayed image and distributing it to multiple users.

The system in this case relies on the honesty of users. Examples of current applications in the market that rely on a QR Code or barcode as a form of authentication in a mobile payment system are LevelUp.com, the Starbucks Mobile Application, and SquareUp.com. Each user in this case is assigned a static ID encoded as a QR Code or barcode image. The barcode or QR Code image is displayed by the user's mobile device. When a user wishes to use this mobile payment method at a merchant, the user is required to present the barcode or QR Code image displayed on the user's mobile device to be scanned. The scanner device at the merchant communicates with an authentication server and carries out the authentication process.

There is a need in the market for a better technology to facilitate authentication using mobile devices, for mobile users, for a wide spectrum of needs.

SUMMARY OF THE INVENTION

Applicant's authentication is a two way authentication method that relies on a mobile user equipped with a mobile device. The user's mobile device initiates and carries the authentication request. A user equipped with a mobile device scans a 3D object displayed on a second device. The 3D object displayed on the second device rotates at a variable speed and direction. The rotation speed and direction of the 3D object change based on time and place. Location proximity of the mobile user to the second device is established because the mobile user is required to scan the 3D rotating object displayed on the second device. On each surface of the 3D object, data is encoded in the form of a barcode, QR Code, or an image.

Images, ID codes, and contents are dynamic and change every few seconds. Encrypted data that is specific to the time and place is sliced and encoded as a barcode, QR Code, or image on each surface of a 3D moving object. The encoded data is valid for a very short time, and once expired, it can never be replicated again.

Credentials are confirmed by using the user's mobile device as the initiator and carrier of an authentication request. Applicant's method uses a three-way encryption method. The encryption is done online using three devices: merchant computing device 110, customer computing device 150, and authentication server 130. The encrypted data encoded and displayed as barcodes, QR codes, or images on each surface of a 3D image is known only to authentication server 130 and computing device 110. Customer computing device 150 has no means to decrypt the authentication data.

BRIEF DESCRIPTION OF THE DRAWINGS

The invention will be better understood from a reading of the following detailed description taken in conjunction with the drawings, in which like reference designators are used to designate like elements, and in which:

FIG. 1 illustrates an exemplary embodiment of Applicant's authentication network;

FIG. 2 summarizes a portion of Applicant's method wherein a merchant computing device forms certain first encrypted data;

FIG. 3A illustrates a three-dimensional cube rotating in a direction and at a rotation speed, wherein the 6 faces recite certain encrypted data encoded as a QR Code image;

FIG. 3B illustrates a three-dimensional cube wherein the 6 faces are flattened. Each of the 6 flattened faces recites certain encrypted data encoded as a QR Code image;

FIG. 3C illustrates a three-dimensional cube wherein the 6 faces recite certain encrypted data encoded as a picture image;

FIG. 4 summarizes a portion of Applicant's method wherein a customer computing device forms certain second encrypted data;

FIG. 5 summarizes a portion of Applicant's method wherein Applicant's authentication server decrypts the second encrypted data;

FIG. 6 summarizes a portion of Applicant's method wherein Applicant's authentication server decrypts the first encrypted data; and

FIG. 7 summarizes a portion of Applicant's method wherein Applicant's authentication server provides the decrypted data of FIGS. 5 and 6 to the merchant's computing device, and wherein the merchant's computing device determines whether to authenticate the customer computing device and the User thereof.

DETAILED DESCRIPTION OF PREFERRED EMBODIMENTS

The invention is described in preferred embodiments in the following description with reference to the FIGs., in which like numbers represent the same or similar elements. Reference throughout this specification to “one embodiment,” “an embodiment,” or similar language means that a particular feature, structure, or characteristic described in connection with the embodiment is included in at least one embodiment of the present invention. Thus, appearances of the phrases “in one embodiment,” “in an embodiment,” “in certain embodiments,” and similar language throughout this specification may, but do not necessarily, all refer to the same embodiment. It is noted that, as used in this description, the singular forms “a,” “an” and “the” include plural referents unless the context clearly dictates otherwise.

The described features, structures, or characteristics of the invention(s) may be combined in any suitable manner in one or more embodiments. In the following description, numerous specific details are recited to provide a thorough understanding of embodiments of the invention(s). One skilled in the relevant art will recognize, however, that the invention(s) may be practiced without one or more of the specific details, or with other methods, components, materials, and so forth. In other instances, well-known structures, materials, or operations are not shown or described in detail to avoid obscuring aspects of the invention.

Referring to FIG. 1, a portion of Applicant's authentication network 100 is illustrated. In the illustrated embodiment of FIG. 1, Applicant's authentication network 100 comprises Applicant's authentication server 130 that is communicatively connected to a computing device 110 through a first communication fabric 120 and to a computing device 150 through a second communication fabric 140.

In certain embodiments, computing device 110 is owned and operated by a place of business, such as and without limitation a retail store. In certain embodiments, computing device 150 is owned and operated by a person, such as and without limitation a customer in a place of business.

As a general matter, Applicant's authentication server 130 and computing devices 110 and 150 are each independently selected from the group consisting of a mainframe computer, a personal computer, a workstation, a mobile telephone, a smart telephone, a personal digital assistant, a laptop, a set-top box, an MP3 player, an email enabled device, a tablet computer, a web enabled device, or other special purpose computer, each having one or more processors.

For the sake of clarity, FIG. 1 shows computing devices 110 and 150 in communication with Applicant's authentication server 130. FIG. 1 should not be taken as limiting. Rather, in other embodiments a plurality of computing devices 150 owned and operated by potential customers/buyers, and a plurality of computing devices 110 owned and operated by businesses, are in communication with Applicant's authentication server 130.

Furthermore, for the sake of clarity, FIG. 1 shows a single authentication server 130. In other embodiments, Applicant's authentication network 100 comprises a plurality of Applicant's authentication servers 130 disposed in a plurality of differing geographical regions.

As illustrated in FIG. 1, the communication fabrics 120 and 140 each comprise one or more switches 121 and 141, respectively. In certain embodiments, communication fabrics 120 and 140 are the same. In certain embodiments, at least one of the communication fabrics 120 and 140 comprises the Internet, an intranet, an extranet, a storage area network (SAN), a wide area network (WAN), a local area network (LAN), a virtual private network, a satellite communications network, an interactive television network, or any combination of the foregoing. In certain embodiments, at least one of the communication fabrics 120 and 140 utilizes either or both wired or wireless connections for the transmission of signals, including electrical connections, magnetic connections, or a combination thereof. Examples of these types of connections include: radio frequency connections, optical connections, telephone links, a Digital Subscriber Line, or a cable link. Moreover, communication fabrics 120 and 140 utilize any of a variety of communication protocols, such as Transmission Control Protocol/Internet Protocol (TCP/IP), for example.

By way of illustration and not limitation, FIG. 1 illustrates computing device 110, Applicant's authentication server 130, and computing device 150 as each comprising a processor 112, 132, and 152, respectively, and a non-transitory computer readable medium 113, 133, and 153, respectively. FIG. 1 further illustrates computing device 110, Applicant's authentication server 130, and computing device 150 as each comprising an input/output means 111, 131, and 151, respectively, such as a keyboard, a mouse, a stylus, a touch screen, a camera, a scanner, or a printer.

Authentication server 130 and computing devices 110 and 150 further comprise computer readable program code 117, 137, and 157, respectively, encoded in computer readable media 113, 133, and 153. Processors 112, 132, and 152, respectively, utilize the computer readable program code to operate computing devices 110, 130, and 150, respectively.

In the illustrated embodiment of FIG. 1, computing devices 110 and 150 comprise display screen/scanning devices 115 and 155, respectively. In certain embodiments of Applicant's method, merchant computing device 110 displays on screen 115 a three-dimensional cube wherein one or more of the 6 faces recites encrypted QR Code data. In certain embodiments, customer computing device 150 utilizes scanning device 155 to capture one or more images of the three-dimensional cube displayed by merchant computing device 110.

In the illustrated embodiment of FIG. 1, computing devices 110 and 150 each comprise a unique public encryption key 114 and 154, respectively, and a unique private encryption key 116 and 156, encoded in computer readable media 113 and 153, respectively. In certain embodiments, computing devices 110 and 150 each comprise a unique identifier 118 and 158, encoded in computer readable media 113 and 153, respectively.

In the illustrated embodiment of FIG. 1, authentication server 130 comprises public encryption keys 114 and 154 encoded in computer readable medium 133. In the illustrated embodiment of FIG. 1, authentication server 130 further comprises private encryption keys 116 and 156 encoded in computer readable medium 133. In the illustrated embodiment of FIG. 1, authentication server 130 further comprises identities 118 and 158 encoded in computer readable medium 133.

Applicant's authentication process is a two way authentication that employs a user's mobile device, such as computing device 150, as the initiator of the authentication request. Location proximity is established in that the user must perform a scan, using computing device 150, of an image, barcode, QR code, and/or combinations thereof displayed on screen 115 of computing device 110. In certain embodiments, the image displayed comprises a three dimensional (“3D”) rotating object. In certain embodiments, that 3D rotating object comprises a rotating cube 310 (FIG. 3). The rotating cube rotates in a specific direction at each time period, and at a specific rotation speed at each time period. The scanning device 150, in addition to scanning the image, barcode, and/or QR code recited on each surface of the 3D object, reads the rotation direction of the 3D object as well as its rotation speed. Both rotation speed and direction are parameters that are known and recorded by device 110.

The 3D object in FIG. 3 is shown as a cube, but without limitation a 3D object can be a rectangular prism, triangular prism, hexagonal prism, triangular pyramid, tetrahedron, cylinder, cone, or sphere.

The encrypted data sliced and recited on each surface of the 3D rotating object as an image, barcode, QR code, or other content displayed on screen 115 is dynamic and changes every few seconds. The encrypted data sliced and recited on each surface of the 3D rotating object as an image, barcode, QR code, or other content is specific to the time and place and cannot be replicated again.

Credentials are confirmed by using the user's mobile device 150 for the authentication request. Applicant's system and method utilize a three-way encryption method (authentication server 130 to merchant computing device 110, merchant computing device 110 to customer computing device 150, and customer computing device 150 to authentication server 130). The encryption is done online using all three computing devices. The encrypted data displayed in the QR code on the 3D object is known only to authentication server 130 and merchant computing device 110. The user has no means to decrypt that QR code data.

The data displayed in the QR code on the 3D image can include one or more of the following: GPS data, transactional data, a device ID, time stamps, decoded messages known only to authentication server 130, and other data known only to merchant computing device 110. In order to authenticate a user who performs a scan of the 3D object displayed on screen 115 using computing device 150, the following must be accomplished: (1) the data originally known to the server, encrypted and sent to computing device 110 to be sliced and recited on each surface of the 3D rotating object as image, barcode, QR code, and contents, must match the data resident on authentication server 130 at that time; (2) the user credentials 154, 156, and 158 must match the corresponding data known to the server at that time; and (3) the rotation speed and direction of the 3D object, as captured by user device 150 and known to the merchant computing device, must match, based on the time of the capture, the data known to server 130 and device 110. The mobile user shares a private and public key pair with authentication server 130. The pair is used to encrypt and decrypt authentication data requests by the mobile user.

The private and public keys are specific to each device and can only be used by one device at a time, and by one user at a time. If GPS is enabled, the GPS signals of computing device 110 and computing device 150 are compared for proximity as an added security measure, but this is not a requirement.

Applicant's authentication process does not rely on one party to perform authentication. The user's mobile computing device 150, the merchant's computing device 110, and authentication server 130 share the responsibility of authentication. All three devices utilize private and public keys for encryption. Authentication server 130 and computing device 110 share a unique private and public key pair. Each computing device 150 and authentication server 130 share a unique private and public key pair.

All data said to exist and known to authentication server 130, computing device 110, and computing device 150 are unique to time and space, and are impossible to recreate or duplicate once expired. Such data exist for a very short period of time.

The QR code data is embedded on each surface of the 3D object. The frequency of the rotation is one aspect of the authorization. In addition, the rotation direction is another aspect of the authorization, and the sequence of the data read by computing device 150, acting as a scanning device using the supplied application, is another aspect of the authorization process.

Applicant's authentication process can be used for a wide spectrum of mobile user authentication applications, such as digital wallet applications wherein no sensitive or credit card information is transported, stored, or shared with the merchant or the mobile user device. Authentication server 130 authorizes payment using a provider API, such as Google Wallet or PayPal API keys. Only confirmation or denial data are communicated to computing device 110 and computing device 150.

Using prior art systems and methods, authentication for online payment options was not available for offline stores at merchant locations. Using Applicant's system and method, merchants who have online stores can also offer a user the option to pay at a “bricks and mortar” location with the online payment options offered on the online store.

Other uses of Applicant's authentication process include digital identification such as insurance cards, employee cards, and employee time cards; access to buildings; and access to digital content on a server or computing device, where a 3D object can be displayed in place of a screen saver, waiting for a mobile user to scan the rotating 3D object. Another use is ATM access, where a user is required to be authorized by scanning the 3D rotating object recited on the ATM screen using a mobile device. Other added security, such as a PIN and password, can be used and integrated by a third party application as an extra, but not required, authentication method.

FIGS. 2 through 7 summarize the steps of Applicant's method utilizing Applicant's authentication system 100 (FIG. 1). FIG. 2 summarizes the portion of Applicant's method wherein merchant computing device 110 forms encrypted data to be scanned by customer computing device 150 and subsequently provided to Applicant's authentication server 130. Referring to FIG. 2, a merchant's computing device 110 comprises data 210, which includes a current time, a unique identifier 118, a merchant ID 119 a, and a transaction code 199 b.

In step 220, merchant computing device 110 generates a random key 230. In step 240, merchant computing device 110 utilizes key 230 to encrypt the data 210 to generate encrypted data 270.

In step 250, merchant computing device 110 encrypts key 230 using a public key 114 to generate an encrypted key 260.

In step 280, merchant computing device 110 combines encrypted data 270 and encrypted key 260 and generates encrypted QR code 280. Further in step 280, merchant computing device 110 displays the encrypted data as QR Code 280 on a three dimensional (“3D”) cube 310 (FIG. 3A).

In step 290, the user scans the image of the 3D cube displayed on screen 115 of merchant device 110.

Referring to FIG. 3A, in step 290 the user scans an image of cube 310 as that image rotates on screen 115. The information provided by customer computing device 150 to authentication server 130 includes the pixels comprising the data encoded on cube 310, in addition to the direction and speed of rotation of cube 310.

FIG. 3B illustrates all six sides of cube 310. The data encoded in the QR Code disposed on faces 640, 650, 660, 670, 680, and 690 changes as cube 310 rotates. This being the case, the pixels comprising an image of each face 640, 650, 660, 670, 680, and 690 change as cube 310 rotates. The information provided by customer computing device 150 to authentication server 130 further includes the changes to the pixels captured by customer computing device 150, and the sequence of pixels captured by customer computing device 150.

Those skilled in the art will appreciate that the sequence of pixel data captured by customer computing device 150 is a function of the direction of rotation of cube 310. If cube 310 rotates in a first direction, the sequence of faces presented comprises 640, 650, 660, 670, 680, and then 690. In contrast, if cube 310 is caused to rotate in a second and opposite direction, the sequence of faces presented comprises 690, 680, 670, 660, 650, and then 640.

Referring to FIG. 3C, Applicant's rotating cube 310 need not recite QR Code-type data. Any series of six images that, when captured by a camera or scanning device disposed in customer computing device 150, generates pixel data for each of faces 345, 355, 365, 375, 385, and 395 can be displayed on rotating cube 310.

FIG. 4 summarizes the portion of Applicant's method wherein a customer computing device 150 forms encrypted data to be provided to Applicant's authentication server 130. Referring now to FIG. 4, a customer computing device 150 comprises data 410, which includes a current time, a unique identifier 158, and the encrypted QR Code data 280.

In step 420, customer computing device 150 generates a random key. In step 440, customer computing device 150 utilizes the random key generated in step 420 to encrypt data 410 to generate encrypted data 470.

In step 450, customer computing device 150 encrypts the random key generated in step 420 using a public key 154 to generate an encrypted key 460.

In step 480, customer computing device 150 combines encrypted data 470 and encrypted key 460 to form encrypted data 480 to be sent to Applicant's authentication server 130. Encrypted data 480 includes the encrypted QR Code data 280 previously generated by merchant computing device 110.

In step 490, customer computing device 150 provides the encrypted data 480 to Applicant's authentication server 130.

FIG. 5 summarizes the portion of Applicant's method wherein Applicant's authentication server 130 decrypts a portion of the encrypted data 480 received from customer computing device 150, wherein that encrypted data includes the encrypted QR code data 280.

In step 520, Applicant's authentication server 130 decrypts key 460 using the server's private key to form computing device random key 430. In step 530, Applicant's authentication server 130 utilizes random key 430 to decrypt the previously encrypted data 480. Using random key 430, Applicant's authentication server 130 can reproduce data 410. Applicant's authentication server 130 cannot, however, reproduce data 210 using the decrypted random key 430.

FIG. 6 summarizes the steps of Applicant's method to decrypt the QR Code data scanned by customer computing device 150 from 3D cube 310. Referring now to FIG. 6, data 610 comprises QR Code data that Applicant's authentication server cannot decrypt using customer computing device 150 random key 430. In step 620, Applicant's authentication server decrypts the previously encrypted key 260 using the server's private key to reproduce merchant computing device 110 random key 230.

In step 630, Applicant's authentication server 130 utilizes random key 230 to decrypt the previously encrypted QR Code data 280. Applicant's server in FIG. 5 reproduces customer computing device data 410. Applicant's server in FIG. 6 reproduces merchant computing device data 210. In step 640, Applicant's authentication server provides a Push Notice to merchant computing device 110, wherein that notification comprises the customer computing device 150 User ID, merchant transaction code 199 a, and merchant computing device random key 230.
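As an added illustration, not code from the application, the following Go program carries the nested envelope of FIGS. 2, 4, 5 and 6 end to end: the merchant seals data 210 under random key 230 and wraps that key with public key 114 (QR code 280); the customer embeds QR code 280 in data 410 and seals it the same way with public key 154 (data 480); the server, holding both private keys, opens the outer layer to recover data 410 and then the inner layer to recover data 210 and key 230, which it forwards in the step 640 Push Notice. Assumed, since the application names none: AES-256-GCM for the payload encryption, RSA-OAEP for key wrapping, JSON as the layout of data 210 and 410, and the server holding private keys 116 and 156.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"encoding/json"
)

// Envelope is the combined output of step 280 (QR code 280) and step 480 (data 480): a fresh
// AES-256 key wrapped with RSA-OAEP plus the payload sealed under it with AES-GCM (assumed ciphers).
type Envelope struct {
	WrappedKey []byte `json:"k"` // encrypted key 260 / 460
	Nonce      []byte `json:"n"`
	Ciphertext []byte `json:"c"` // encrypted data 270 / 470
}

// MerchantData is data 210 (FIG. 2). CustomerData is data 410 (FIG. 4); it carries
// QR envelope 280 unchanged, since customer device 150 has no key to open it.
type MerchantData struct {
	Time        int64  `json:"t"`
	DeviceID    string `json:"d"` // unique identifier 118
	MerchantID  string `json:"m"` // merchant ID 119a
	Transaction string `json:"x"` // transaction code
}
type CustomerData struct {
	Time     int64    `json:"t"`
	DeviceID string   `json:"d"` // unique identifier 158
	QR       Envelope `json:"qr"`
}

// PushNotice is what the server sends the merchant in step 640 / 710.
type PushNotice struct {
	Transaction string
	MerchantKey []byte // random key 230, recovered by the server
	UserID      string // customer identifier 158
	QRTime      int64  // time stamp inside data 210
}

func newGCM(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// Seal is steps 220-280 and 420-480: random key, payload encrypted under it, key wrapped with the
// recipient's public key. The key is also returned so the merchant can keep it for step 740.
func Seal(pub *rsa.PublicKey, plaintext []byte) (Envelope, []byte, error) {
	buf := make([]byte, 32+12) // AES-256 key followed by a 12-byte GCM nonce
	if _, err := rand.Read(buf); err != nil {
		return Envelope{}, nil, err
	}
	key, nonce := buf[:32], buf[32:]
	gcm, err := newGCM(key)
	if err != nil {
		return Envelope{}, nil, err
	}
	wrapped, err := rsa.EncryptOAEP(sha256.New(), rand.Reader, pub, key, nil)
	if err != nil {
		return Envelope{}, nil, err
	}
	return Envelope{wrapped, nonce, gcm.Seal(nil, nonce, plaintext, nil)}, key, nil
}

// openInto is steps 520-530 and 620-630: unwrap the key with the server's private key,
// decrypt (GCM rejects a tampered QR image or transport message) and decode into v.
func openInto(priv *rsa.PrivateKey, env Envelope, v any) ([]byte, error) {
	key, err := rsa.DecryptOAEP(sha256.New(), nil, priv, env.WrappedKey, nil)
	if err != nil {
		return nil, err
	}
	gcm, err := newGCM(key)
	if err != nil {
		return nil, err
	}
	pt, err := gcm.Open(nil, env.Nonce, env.Ciphertext, nil)
	if err != nil {
		return nil, err
	}
	return key, json.Unmarshal(pt, v)
}

// ServerProcess is FIG. 5 then FIG. 6: peel the customer layer, then the merchant layer inside it.
func ServerProcess(merchantPriv, customerPriv *rsa.PrivateKey, env Envelope) (PushNotice, error) {
	var cust CustomerData
	if _, err := openInto(customerPriv, env, &cust); err != nil { // reproduces data 410
		return PushNotice{}, err
	}
	var merch MerchantData
	mkey, err := openInto(merchantPriv, cust.QR, &merch) // reproduces data 210 and key 230
	if err != nil {
		return PushNotice{}, err
	}
	return PushNotice{merch.Transaction, mkey, cust.DeviceID, merch.Time}, nil
}
```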

FIG. 7 summarizes the steps of Applicant's method wherein the merchant computing device receives a Push Notification from Applicant's authentication server and determines whether to authenticate customer computing device 150 and the User thereof. Referring now to FIG. 7, in step 710 merchant computing device 110 receives a Push Notification from Applicant's authentication server, wherein that Push Notification comprises Transaction ID 119 a, merchant computing device 110 random code 230, the User's ID, and a time stamp of the QR code.

In step 720, merchant computing device 110 determines if the transaction ID has expired. If merchant computing device 110 determines in step 720 that the transaction ID received from Applicant's authentication server has expired, then the method transitions from step 720 to step 730, wherein merchant computing device 110 does not authenticate customer computing device 150.

Alternatively, if merchant computing device 110 determines in step 720 that the transaction ID received from Applicant's authentication server has not expired, then the method transitions from step 720 to step 740, wherein merchant computing device 110 determines if the Transaction ID and random key combination is correct. If merchant computing device 110 determines in step 740 that the Transaction ID and random key combination is not correct, then the method transitions from step 740 to step 730, wherein merchant computing device 110 does not authenticate customer computing device 150 and the User thereof.

Alternatively, if merchant computing device 110 determines in step 740 that the Transaction ID and random key combination is correct, then the method transitions from step 740 to step 750, wherein merchant computing device 110 authenticates customer computing device 150 and the User thereof.
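The two checks the application places on the verifying side, as an added example rather than the applicant's code: recovering the rotation direction and speed from the sequence of faces 640 through 690 captured by device 150 (FIG. 3B) and comparing them with what device 110 recorded, and the FIG. 7 decision of steps 720 through 750, which rejects an expired time stamp and any Transaction ID / random key 230 pair the merchant did not issue. The capture record, millisecond timing, the period tolerance and the `pending` map of issued transactions are assumptions of the example.

```go
package main

import (
	"crypto/subtle"
	"errors"
)

// FaceOrder is the sequence cube 310 presents when rotating in the first direction
// (FIG. 3B: 640, 650, ..., 690); the opposite direction presents the reverse sequence.
var FaceOrder = []int{640, 650, 660, 670, 680, 690}

// Capture is one frame decoded by customer device 150: which face it read and when
// (milliseconds on the device clock). Constructed record format for this example.
type Capture struct {
	Face   int
	Millis int64
}

// Rotation is the direction and speed merchant device 110 records for a display
// period, and that the verifier compares the customer's observation against.
type Rotation struct {
	Forward  bool  // faces follow FaceOrder cyclically rather than its reverse
	PeriodMs int64 // milliseconds for one full turn, i.e. six faces
}

// InferRotation recovers direction and period from a capture sequence. Each step
// between consecutive faces must be one face forward or one face back in FaceOrder,
// always in the same direction; the period is the mean time per face scaled to six.
func InferRotation(caps []Capture) (Rotation, error) {
	if len(caps) < 3 {
		return Rotation{}, errors.New("too few captures to read a direction")
	}
	index := make(map[int]int, len(FaceOrder))
	for i, f := range FaceOrder {
		index[f] = i
	}
	dir := 0
	for i := 1; i < len(caps); i++ {
		a, okA := index[caps[i-1].Face]
		b, okB := index[caps[i].Face]
		if !okA || !okB {
			return Rotation{}, errors.New("capture names a face not on the cube")
		}
		if caps[i].Millis <= caps[i-1].Millis {
			return Rotation{}, errors.New("capture timestamps not increasing")
		}
		step := 0
		switch (b - a + 6) % 6 { // cyclic distance in FaceOrder
		case 1:
			step = 1
		case 5:
			step = -1
		default:
			return Rotation{}, errors.New("faces skipped or repeated")
		}
		if dir != 0 && step != dir {
			return Rotation{}, errors.New("rotation direction changed mid-scan")
		}
		dir = step
	}
	perFace := (caps[len(caps)-1].Millis - caps[0].Millis) / int64(len(caps)-1)
	return Rotation{Forward: dir == 1, PeriodMs: perFace * 6}, nil
}

// MatchesRotation is the requirement that speed and direction captured by device 150
// match what device 110 recorded: identical direction, period within tolMs.
func MatchesRotation(observed, recorded Rotation, tolMs int64) bool {
	diff := observed.PeriodMs - recorded.PeriodMs
	if diff < 0 {
		diff = -diff
	}
	return observed.Forward == recorded.Forward && diff <= tolMs
}

// MerchantDecide is FIG. 7. pending maps the transaction codes this merchant issued
// (data 210) to the random key 230 it generated for each. Step 720/730 rejects an
// expired QR time stamp; step 740/730 rejects an unknown transaction or a key that
// does not match the issued one; step 750 authenticates otherwise.
func MerchantDecide(txID string, key230 []byte, qrTime, now, ttlMs int64, pending map[string][]byte) bool {
	if now-qrTime > ttlMs {
		return false
	}
	issued, ok := pending[txID]
	if !ok {
		return false
	}
	return subtle.ConstantTimeCompare(issued, key230) == 1
}
```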

In certain embodiments, Applicant's authentication system 100 includes an article of manufacture, such as Applicant's authentication server 130, comprising computer readable program code 137 encoded in a non-transitory computer readable medium, such as computer readable medium 133, where that computer readable program code can be executed by a processor, such as processor 132, to implement one or more of the steps of FIG. 2, FIG. 4, FIG. 5, FIG. 6, and/or FIG. 6.

In certain embodiments, Applicant's authentication system 100 comprises a computer program product, where that computer program product comprises computer readable program code comprising an “application” encoded in a merchant computing device 110, wherein that application can be executed by merchant computing device 110 to implement one or more of the steps of FIG. 2 and FIG. 7.

In certain embodiments, Applicant's authentication system 100 comprises a computer program product, where that computer program product comprises computer readable program code comprising an “application” encoded in a customer computing device 150, wherein that application can be executed by customer computing device 150 to implement one or more of the steps of FIG. 4.

In certain embodiments, Applicant's authentication system 100 comprises a computer program product, where that computer program product comprises computer readable program code comprising an “application” encoded in Applicant's authentication server 130, wherein that application can be executed by Applicant's authentication server 130 to implement one or more of the steps of FIG. 5 and/or FIG. 6.

In certain embodiments, the computer readable program code to implement the steps of FIGS. 2, 4, 5, 6, and 7, is encoded in a non-transitory computer readable medium comprising, for example, a magnetic information storage medium, an optical information storage medium, an electronic information storage medium, and the like. “Electronic storage media,” means, for example and without limitation, one or more devices, such as and without limitation, a PROM, EPROM, EEPROM, Flash PROM, compactflash, smartmedia, and the like.

Examples of computer readable program code include, but are not limited to, micro-code or micro-instructions, machine instructions, such as produced by a compiler, code used to produce a web service, and files containing higher-level instructions that are executed by a computer using an interpreter. For example, embodiments may be implemented using Java, C++, or other programming languages (e.g., object-oriented programming languages) and development tools. Additional examples of computer code include, but are not limited to, control signals, encrypted code, and compressed code.

While the preferred embodiments of the present invention have been illustrated in detail, it should be apparent that modifications and adaptations to those embodiments may occur to one skilled in the art without departing from the scope of the present invention as set forth herein.

1. A two way authentication method, comprising: receiving by an authentication server first encrypted data from a merchant computing device; receiving by said authentication server second encrypted data from a customer computing device; determining by said authentication server if said first encrypted data matches said second encrypted data; if said first encrypted data matches said second encrypted data, authenticating said customer computing device; if said first encrypted data does not match said second encrypted data, not authenticating said customer computing device.

2. The method of claim 1, further comprising forming merchant data comprising: a unique merchant ID issued to said merchant by said authentication server; and a unique transaction code issued to said merchant by said authentication server.

3. The method of claim 2, further comprising: causing by said authentication server said merchant computing device to form encrypted merchant data using a first private key and said first data; causing by said authentication server said merchant computing device to form encrypted first private key data using a first public key provided by said authentication server; causing by said authentication server said merchant computing device to form said first encrypted data comprising said encrypted merchant data and said encrypted first private key data.

4. The method of claim 3, further comprising: causing by said authentication server said merchant computing device to generate a first plurality of images, wherein said first plurality of images comprises said first encrypted data; causing by said authentication server said merchant computing device to display said first plurality of images on a display device.

5. The method of claim 4, further comprising: causing by said authentication server said merchant computing device to display said first plurality of images on all sides of an image of a three-dimensional object; causing by said authentication server said merchant computing device to display said image of said three-dimensional object on said display device; causing by said authentication server said merchant computing device to rotate said image of said three-dimensional object on said display device in a specified direction and at a specified rotation rate.

6. The method of claim 4, further comprising: causing by said authentication server said customer computing device to form customer data comprising a second plurality of images generated by said customer computing device by scanning said displayed first plurality of images; causing by said authentication server said customer computing device to form encrypted customer data using a second private key; causing by said authentication server said customer computing device to form encrypted second private key data using a second public key provided by said authentication server; causing by said authentication server said customer computing device to form said second encrypted data comprising said encrypted customer data and said encrypted second private key data.

7. The method of claim 6, further comprising: decrypting by said authentication server said encrypted first private key data using said first public key; decrypting by said authentication server said encrypted merchant data using said first private key; decrypting by said authentication server said encrypted second private key data using said second public key; decrypting by said authentication server said encrypted customer data using said second private key; wherein said matching step comprises comparing by said authentication server said merchant data and said customer data.

8. The method of claim 7, further comprising: determining by said authentication server a customer-reported direction of rotation of said cube using said decrypted customer data; determining by said authentication server a customer-reported rate of rotation of said cube using said decrypted customer data; wherein said matching step further comprises comparing said customer-reported direction of rotation with said specified direction of rotation; and wherein said matching step further comprises comparing said customer-reported rate of rotation with said specified rate of rotation.

9. An article of manufacture comprising a non-transitory computer readable medium having computer readable program code encoded therein to perform authentication of a customer computing device located adjacent to a merchant computing device, the computer readable program code comprising a series of computer readable program steps to effect: receiving first encrypted data from said merchant computing device; receiving second encrypted data from said customer computing device; determining if said first encrypted data matches said second encrypted data; if said first encrypted data matches said second encrypted data, authenticating said customer computing device; if said first encrypted data does not match said second encrypted data, not authenticating said customer computing device.

10. The article of manufacture of claim 9, wherein: merchant data includes a unique merchant ID issued to said merchant by said authentication server; and merchant data further includes a unique transaction code issued to said merchant by said authentication server.

11. The article of manufacture of claim 10, the computer readable program code further comprising a series of computer readable program steps to effect: causing said merchant computing device to form encrypted merchant data using a first private key and said first data; causing said merchant computing device to form encrypted first private key data using a first public key provided by said authentication server; causing said merchant computing device to form said first encrypted data comprising said encrypted merchant data and said encrypted first private key data.

12. The article of manufacture of claim 12, the computer readable program code further comprising a series of computer readable program steps to effect: causing said merchant computing device to generate a first plurality of images, wherein said first plurality of images comprises said first encrypted data; causing said merchant computing device to display said first plurality of images on a display device.

13. The article of manufacture of claim 12, the computer readable program code further comprising a series of computer readable program steps to effect: causing said merchant computing device to display said first plurality of images on all sides of an image of a three-dimensional object; causing said merchant computing device to display said image of said three-dimensional object on said display device; causing said merchant computing device to rotate said image of said three-dimensional object on said display device in a specified direction and at a specified rotation rate.

14. The article of manufacture of claim 12, the computer readable program code further comprising a series of computer readable program steps to effect: causing said customer computing device to form customer data comprising a second plurality of images generated by said customer computing device by scanning said displayed first plurality of images; causing said customer computing device to form encrypted customer data using a second private key; causing said customer computing device to form encrypted second private key data using a second public key provided by said authentication server; causing said customer computing device to form said second encrypted data comprising said encrypted customer data and said encrypted second private key data.

15. The article of manufacture of claim 14, the computer readable program code further comprising a series of computer readable program steps to effect: decrypting said encrypted first private key data using said first public key; decrypting said encrypted merchant data using said first private key; decrypting said encrypted second private key data using said second public key; decrypting said encrypted customer data using said second private key; wherein said computer readable program code to determine if said first encrypted data matches said second encrypted data comprises computer readable program code comprising a series of computer readable program steps to effect comparing said merchant data and said customer data.

16. The article of manufacture of claim 7, the computer readable program code further comprising a series of computer readable program steps to effect: determining a customer-reported direction of rotation of said cube using said decrypted customer data; determining a customer-reported rate of rotation of said cube using said decrypted customer data; wherein said computer readable program code to determine if said first encrypted data matches said second encrypted data further comprises computer readable program code comprising a series of computer readable program steps to effect comparing said customer-reported direction of rotation with said specified direction of rotation; and wherein said computer readable program code to determine if said first encrypted data matches said second encrypted data further comprises computer readable program code comprising a series of computer readable program steps to effect comparing said customer-reported rate of rotation with said specified rate of rotation.

17. A computer program product encoded in a computer readable medium, said computer program product being useable by a programmable computer processor to perform authentication of a customer computing device located adjacent to a merchant computing device, comprising: computer readable program code which causes said programmable computer processor to receive first encrypted data from said merchant computing device; computer readable program code which causes said programmable computer processor to receive second encrypted data from said customer computing device; computer readable program code which causes said programmable computer processor to determine if said first encrypted data matches said second encrypted data; computer readable program code which, if said first encrypted data matches said second encrypted data, causes said programmable computer processor to authenticate said customer computing device; computer readable program code which, if said first encrypted data does not match said second encrypted data, causes said programmable computer processor to not authenticate said customer computing device.

18. The computer program product of claim 17, wherein: merchant data includes a unique merchant ID issued to said merchant by said authentication server; and merchant data further includes a unique transaction code issued to said merchant by said authentication server.

19. The computer program product of claim 18, further comprising: computer readable program code which causes said programmable computer processor to cause said merchant computing device to form encrypted merchant data using a first private key and said first data; computer readable program code which causes said programmable computer processor to cause said merchant computing device to form encrypted first private key data using a first public key provided by said authentication server; computer readable program code which causes said programmable computer processor to cause said merchant computing device to form said first encrypted data comprising said encrypted merchant data and said encrypted first private key data.

20. The computer program product of claim 19, further comprising: computer readable program code which causes said programmable computer processor to cause said merchant computing device to generate a first plurality of images, wherein said first plurality of images comprises said first encrypted data; computer readable program code which causes said programmable computer processor to cause said merchant computing device to display said first plurality of images on a display device.

21. The computer program product of claim 20, further comprising: computer readable program code which causes said programmable computer processor to cause said merchant computing device to display said first plurality of images on all sides of an image of a three-dimensional object; computer readable program code which causes said programmable computer processor to cause said merchant computing device to display said image of said three-dimensional object on said display device; computer readable program code which causes said programmable computer processor to cause said merchant computing device to rotate said image of said three-dimensional object on said display device in a specified direction and at a specified rotation rate.

22. The computer program product of claim 20, further comprising: computer readable program code which causes said programmable computer processor to cause said customer computing device to form customer data comprising a second plurality of images generated by said customer computing device by scanning said displayed first plurality of images; computer readable program code which causes said programmable computer processor to cause said customer computing device to form encrypted customer data using a second private key; computer readable program code which causes said programmable computer processor to cause said customer computing device to form encrypted second private key data using a second public key provided by said authentication server; computer readable program code which causes said programmable computer processor to cause said customer computing device to form said second encrypted data comprising said encrypted customer data and said encrypted second private key data.

23. The computer program product of claim 22, the computer readable program code further comprising: computer readable program code which causes said programmable computer processor to decrypt said encrypted first private key data using said first public key; computer readable program code which causes said programmable computer processor to decrypt said encrypted merchant data using said first private key; computer readable program code which causes said programmable computer processor to decrypt said encrypted second private key data using said second public key; computer readable program code which causes said programmable computer processor to decrypt said encrypted customer data using said second private key; wherein said computer readable program code to determine if said first encrypted data matches said second encrypted data further comprises computer readable program code which causes said programmable computer processor to compare said merchant data and said customer data.

24. The computer program product of claim 23, further comprising: computer readable program code which causes said programmable computer processor to determine a customer-reported direction of rotation of said cube using said decrypted customer data; computer readable program code which causes said programmable computer processor to determine a customer-reported rate of rotation of said cube using said decrypted customer data; wherein said computer readable program code to determine if said first encrypted data matches said second encrypted data further comprises computer readable program code which causes said programmable computer processor to compare said customer-reported direction of rotation with said specified direction of rotation; and wherein said computer readable program code to determine if said first encrypted data matches said second encrypted data further comprises computer readable program code which causes said programmable computer processor to compare said customer-reported rate of rotation with said specified rate of rotation.
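The server-side half of the claims (claim 1 for the decision, claims 3 and 6 for how each device wraps its data, claim 7 for the unwrap order, claim 8 for the rotation check) can be exercised end to end in a short script. What follows is an added illustration, not code from the patent or from any implementation of it. It models the "private key" of claims 3 and 6 as a per-session symmetric key and the "public key provided by said authentication server" as a server-provided wrapping key, because the claims use that key both to encrypt and to decrypt the private key data; the cipher is a stand-in built from HMAC-SHA256 so the block runs on the standard library alone, and a deployment would use a vetted authenticated cipher instead. The JSON field names, the rotation-rate tolerance and all sample values are constructed for this example.

```python
"""
Server-side match for claims 1, 3, 6, 7 and 8 (added illustration; all names assumed).

Each device encrypts its data under its own session key, then encrypts that
session key under a key the server provided. The server reverses both steps,
compares merchant data with customer data, and checks the customer-reported
cube rotation against the direction and rate it specified.
"""
import hashlib
import hmac
import json
import os
from dataclasses import dataclass


# --- stand-in cipher: HMAC-SHA256 keystream XOR, encrypt-then-MAC ----------------
def _subkey(key: bytes, label: bytes) -> bytes:
    return hmac.new(key, label, hashlib.sha256).digest()   # separate enc/mac keys


def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    out, counter = b"", 0
    while len(out) < length:
        out += hmac.new(key, nonce + counter.to_bytes(4, "big"), hashlib.sha256).digest()
        counter += 1
    return out[:length]


def seal(key: bytes, plaintext: bytes) -> bytes:
    """Return nonce || ciphertext || tag."""
    nonce = os.urandom(16)
    ks = _keystream(_subkey(key, b"enc"), nonce, len(plaintext))
    ct = bytes(p ^ k for p, k in zip(plaintext, ks))
    tag = hmac.new(_subkey(key, b"mac"), nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag


def unseal(key: bytes, blob: bytes) -> bytes:
    """Verify the tag before using the ciphertext; raise on any tampering."""
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    expected = hmac.new(_subkey(key, b"mac"), nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("tag mismatch")
    return bytes(c ^ k for c, k in zip(ct, _keystream(_subkey(key, b"enc"), nonce, len(ct))))


# --- claims 3 and 6: what each device sends ---------------------------------------
def form_encrypted_data(session_key: bytes, server_key: bytes, data: dict) -> dict:
    """Data under the session key; session key under the server-provided key."""
    return {
        "encrypted_data": seal(session_key, json.dumps(data, sort_keys=True).encode()),
        "encrypted_session_key": seal(server_key, session_key),
    }


# --- claim 7: the server unwraps in the reverse order -------------------------------
def recover_data(server_key: bytes, envelope: dict) -> dict:
    session_key = unseal(server_key, envelope["encrypted_session_key"])
    return json.loads(unseal(session_key, envelope["encrypted_data"]))


@dataclass(frozen=True)
class RotationSpec:
    """What the server told the merchant device to display (claim 5)."""
    direction: str        # e.g. "clockwise"
    rate_rpm: float
    tolerance_rpm: float  # assumed slack for a camera-measured rate


def server_matches(first: dict, second: dict, merchant_key: bytes,
                   customer_key: bytes, spec: RotationSpec) -> bool:
    """Claim 1 decision: True means authenticate the customer device."""
    try:
        merchant = recover_data(merchant_key, first)
        customer = recover_data(customer_key, second)
        # Claim 7: merchant data against customer data, without short-circuiting.
        fields_ok = (
            hmac.compare_digest(merchant["merchant_id"].encode(), customer["merchant_id"].encode())
            & hmac.compare_digest(merchant["transaction_code"].encode(), customer["transaction_code"].encode())
        )
        # Claim 8: customer-reported rotation against the specified rotation.
        rotation_ok = (customer["direction"] == spec.direction
                       and abs(float(customer["rate_rpm"]) - spec.rate_rpm) <= spec.tolerance_rpm)
        return bool(fields_ok) and rotation_ok
    except (ValueError, KeyError, TypeError, AttributeError):
        return False   # undecryptable or malformed input never authenticates


def example_run() -> dict:
    """Constructed scenario: one honest customer scan and three that must fail."""
    merchant_key, customer_key = os.urandom(32), os.urandom(32)   # server-provided keys
    spec = RotationSpec(direction="clockwise", rate_rpm=30.0, tolerance_rpm=2.0)
    merchant_data = {"merchant_id": "M-EXAMPLE-42", "transaction_code": "T-EXAMPLE-7"}
    first = form_encrypted_data(os.urandom(32), merchant_key, merchant_data)

    def customer_report(**overrides):
        data = {**merchant_data, "direction": "clockwise", "rate_rpm": 29.5, **overrides}
        return form_encrypted_data(os.urandom(32), customer_key, data)

    args = (merchant_key, customer_key, spec)
    return {
        "honest": server_matches(first, customer_report(), *args),
        "wrong_code": server_matches(first, customer_report(transaction_code="T-OTHER"), *args),
        "wrong_rotation": server_matches(first, customer_report(direction="counterclockwise"), *args),
        "tampered": server_matches(first, {**customer_report(), "encrypted_session_key": b"\x00" * 48}, *args),
    }


if __name__ == "__main__":
    print(example_run())
```

Two design points carry over to any real implementation of claims 7 and 8: the tag on the wrapped session key is checked before the key is used, so a forged or corrupted envelope is rejected without ever decrypting anything, and the rotation check runs only after the data comparison succeeds, so the direction and rate reported by the customer are read from authenticated data rather than from the raw request.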